Younis, YA
Languages: English
Types: Doctoral thesis
Subjects: QA75
Cloud computing offers cost-effective, on-demand services, which encourages critical infrastructure providers to consider migrating to the cloud. Critical infrastructures, such as power plants and water, are considered a backbone of modern societies. Information in cloud computing, which could have various degrees of sensitivity, is likely to be shared among different entities. This requires robust isolation and access control mechanisms. Although various access control models and policies have been developed, they cannot fulfil the requirements for a cloud-based access control system. The reason is that cloud computing has a diverse set of security requirements and unique security challenges, such as multi-tenancy and heterogeneity of security policies, rules and domains.

This thesis provides a detailed study of cloud computing security challenges and threats, which were used to identify security requirements for various critical infrastructure providers. We found that an access control system is a crucial security requirement for the surveyed critical infrastructure providers. Furthermore, the requirement analysis was used to propose new criteria to evaluate access control systems for cloud computing. Moreover, this work presents a new cloud-based access control model to meet the identified cloud access control requirements. The model not only ensures the secure sharing of resources among potentially untrusted tenants, but also has the capacity to support different access permissions for the same cloud user.

Our focus in the proposed model is the lack of data isolation at lower levels (CPU caches), which could allow access control models to be bypassed to gain sensitive information by using cache side-channel attacks. Therefore, the thesis investigates various real attack scenarios and the gaps in existing mitigation approaches. It presents a new Prime and Probe cache side-channel attack, which can give detailed information about addresses accessed by a virtual machine with no need for any information about cache sets accessed by the virtual machine. The design, implementation and evaluation of a proposed solution preventing cache side-channel attacks are also presented in the thesis. It is a new lightweight solution, which introduces very low overhead (less than 15,000 CPU cycles). It can be applied in any operating system and prevents cache side-channel attacks in cloud computing. The thesis also presents a new solution for detecting cache side-channel attacks. It focuses on the infrastructure used to host cloud computing tenants by counting cache misses caused by a virtual machine. The detection solution has 0% false negatives and 15% false positives.